They Might Be Smart, But These Contracts Need to Be More Secure

The DAO was supposed to be the first major smart contract project. It cratered after someone exploited a flaw in the code controlling the funds. Investors were partially bailed out Wednesday by a hard fork, or reversal of transactions, on the Ethereum blockchain.

How could this disaster have been prevented?

One possible method of avoiding mistakes by smart contract developers in the future may be a certification process. It can provide participants in various smart contracts with greater assurances that they won't lose their money. However, the security of a smart contract becomes much clearer once it's been released into the wild. This issue may affect distributed models more than so-called "permissioned blockchains" as it's easier to place safeguards in the permissioned model.

The security question has come to the fore at a time when financial institutions are cautiously investigating the potential of smart contracts, along with other applications of blockchain technology. To proceed, they will need some reason to be confident that the DAO-saster won't be repeated.

For the uninitiated, a smart contract is a way to automate the execution of an agreement, usually financial in nature when in reference to blockchains. (As a simple example, bitcoin can be time-locked in a way that it is not spendable until a certain point in the future, and the terms are enforced by the blockchain.)

Banking and financial institutions have become excited about the prospects for smart contracts over the past few years for the purposes of cutting costs internally and for their customers. Ethereum is a decentralized blockchain, much like bitcoin, except that it was conceived specifically for advanced applications such as smart contracts, far beyond the scope of bitcoin's digital cash proposition.

Intended to be a sort of decentralized venture capital firm controlled by those who bought into the concept, The DAO instead set off a crisis in the Ethereum community, where the basic idea of how that blockchain operates was put up for debate.

As RSK Labs Chief Scientist Sergio Lerner pointed out in a recent blog post, the developers behind Ethereum hired Least Authority, Deja vu, and Coinspect to audit the platform before real money was put at stake. Although Deja vu, a security research and consulting firm that serves a variety of industries, also audited the code for the DAO, Lerner told American Banker, "Clearly one security audit was not enough because the vulnerability type was known since 2015." (Deja vu did not reply to a request for comment.)

"The DAO was a new kind of application, implemented in a new programming language, compiled with a new compiler, run on a new platform, exposed to a new kind of vulnerabilities," Lerner continued. "That's why it requires special attention. It should have been audited by experts in blockchains … and by more than one group."

Griff Green, a community organizer at Slock.it, the company that created the DAO, said there are several people looking at formal verification programs for complex smart contracts. "There is no doubt that what has transpired will radically alter the way developers write smart contracts going forward," Green said.

Emin Gun Sirer, an associate professor at Cornell, says the Ethereum Foundation, a nonprofit that promotes and supports the cryptocurrency, needs to provide better guidelines for the community.

The foundation "need not provide the vetting service itself, and can delegate that to third parties, who would then charge for this service," he explained. "I would envision that there would be different tiers. Not every contract needs to have as much scrutiny as one that will hold $220 million, for instance."

The nonprofit did not reply to a request for comment. ETHcore, the enterprise software company that has a similar position in the Ethereum community to RedHat's role in the open-source Linux software world, said it could not comment because it was swamped with work related to the hard fork.

Sirer's point about different tiers for different contracts gets at a key issue of the whole fiasco with the DAO, which is that no one thought this much money was going to be put into an Ethereum smart contract so early in the game. Early estimates for how much money would be crowdfunded via the DAO put the expectations at around $10 million, but over $125 million worth of ether (the native currency of Ethereum) eventually made its way into the smart contract.

One of the main issues with smart contracts, especially on distributed platforms such as Ethereum, is that it is hard to determine whether they're secure until hackers can attack them in a real-world environment. Andreas Antonopoulos, a bitcoin evangelist, refers to systems that are not allowed to develop in uncontrolled environments as "bubble boys," while he calls bitcoin the "sewer rat of cryptocurrencies" due to its relatively long track record of remaining secure in the wild.

While multiple security audits from respected institutions can provide smart contract users with greater peace of mind, the reality is that bugs and flaws can be overlooked. Once the open-source code goes live, hundreds or thousands of new eyes may comb over the code to find an exploit.

For this reason, RSK Labs, which is developing a smart contract platform called Rootstock as a "sidechain," or parallel ledger, of bitcoin, is following a philosophy it calls "progressive decentralization."

With something as complex as a decentralized autonomous organization, there are many more issues to worry about than just the software code. Economics, game theory, and myriad other areas of study must also be taken into account. For this reason, trial-and-error is still needed in the smart contract ecosystem before the experts can figure out what works and what doesn't.

RSK Labs recommends releasing a smart contract in stages where it is first controlled and easily updated by a set of cryptographic, multisignature notaries. The number of notaries required to sign off on proposed changes can be increased over time as the smart contract becomes more trusted. Eventually, the notaries can be completely removed, and the smart contract is then allowed to exist in the wild without its training wheels (the notaries).
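
The staged release described above can be modeled in a few lines. This is an added illustration, not RSK Labs' code or anything from the Rootstock project: the class, the action names and the one-way threshold ratchet are assumptions, and an HMAC per notary stands in for the public-key signatures a real contract would verify.

```python
import hashlib
import hmac
import json

def sign(key: bytes, proposal: dict) -> str:
    # Stand-in for a notary signature: HMAC over the canonical proposal.
    msg = json.dumps(proposal, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class StagedContract:
    def __init__(self, notary_keys: dict, threshold: int):
        self.notary_keys = dict(notary_keys)  # notary name -> key (constructed samples)
        self.threshold = threshold            # approvals needed to change the contract
        self.code_version, self.nonce = 1, 0  # nonce makes each proposal single-use

    def apply(self, proposal: dict, approvals: dict) -> bool:
        if not self.notary_keys or proposal.get("nonce") != self.nonce:
            return False  # notaries removed (immutable), or stale/replayed proposal
        valid = sum(1 for name, tag in approvals.items()
                    if name in self.notary_keys
                    and hmac.compare_digest(tag, sign(self.notary_keys[name], proposal)))
        if valid < self.threshold:
            return False
        action, value = proposal.get("action"), proposal.get("value")
        if action == "upgrade":
            self.code_version = value
        elif action == "raise_threshold":  # assumed ratchet: threshold only rises
            if not (isinstance(value, int) and self.threshold < value <= len(self.notary_keys)):
                return False
            self.threshold = value
        elif action == "remove_notaries":  # final stage: training wheels come off
            self.notary_keys.clear()
        else:
            return False
        self.nonce += 1
        return True

def demo():
    keys = {n: hashlib.sha256(n.encode()).digest() for n in ("n1", "n2", "n3")}
    c = StagedContract(keys, threshold=1)
    steps = [("upgrade", 2, ["n1"]),                 # stage 1: 1-of-3 can patch quickly
             ("raise_threshold", 3, ["n2"]),         # tighten to 3-of-3
             ("upgrade", 3, ["n1", "n2"]),           # two approvals no longer suffice
             ("remove_notaries", None, ["n1", "n2", "n3"]),
             ("upgrade", 9, ["n1", "n2", "n3"])]     # notaries gone: code is frozen
    results = []
    for action, value, signers in steps:
        p = {"nonce": c.nonce, "action": action, "value": value}
        results.append(c.apply(p, {s: sign(keys[s], p) for s in signers}))
    return results, c
```

The point the model makes concrete is that every step toward decentralization is itself a notary-approved change, and once the notaries are removed no later proposal can be accepted, including one to fix a bug.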

Christopher Allen, who co-authored the Transport Layer Security protocol widely used to protect communications between servers and web browsers, sees some value in an improved review process for smart contracts. But he also sees a need to improve how these smart contracts are designed in the first place.

"Clearly some higher form of review and curation of smart contracts that secure significant amounts of money is required," said Allen, who now works as principal architect at Blockstream, a developer of new applications for blockchains. "However, in the short term I don't believe that even experts will be able to find many of these kinds of problems given the existing architecture. The only true test is that a smart contract has been run for a year successfully with $100,000, followed by allowing the same contract to be run for $1 million, and maybe another year before allowing $10 million."

The effective bounty on the security of a smart contract described by Allen is part of what has led to the relatively high level of trust that has been put into the code behind the bitcoin network. As the market cap for bitcoin (or any other cryptocurrency) increases, so does the reward for a hacker who finds a critical flaw in the system. The same concept applies for smart contracts; it's unclear how much time a hacker would have spent poking around the code for the DAO if thousands of dollars were raised as opposed to millions.

Allen also pointed out that companies or individuals who review smart contracts or offer certifications put their own finances at risk. Should they fail to find a critical flaw in the code before it is deployed in the real world, their reputations could suffer, or they could get sued.

He said he doubts large security review companies are ready to complete these sorts of reviews, partly due to a lack of standards in the space. "I don't know that any organization today could support that level of risk," Allen added.

For now, it appears there may be too many possible downsides to smart contract review for anyone serious to get involved.

"Instead, I do think there needs to be a requirement that smart contracts have more tripwires, for instance, various forms of human arbitration and mediation under adverse conditions," Allen said. "Having these be a minimal requirement for 'approval' by a foundation or other organization seems reasonable and possible."

It may be possible, he added, to stop some smart contracts at the system level if they are becoming "too big to fail," which appears to have been the issue with the DAO. However, "this can raise confidentiality concerns," since it would require someone to snoop around the network. Even if that were desirable, "privacy security technologies can make doing this difficult."

At this point, there is no reason for progress to come to a complete halt in the realm of smart contracts. While the DAO has been a massive setback for these new financial instruments, development will likely continue, perhaps in a more limited capacity. After all, a simple bitcoin transaction is also arguably a type of smart contract.

When asked if the DAO may have been a case of trusting too much money to the Ethereum network too early, Sirer responded, "Who am I to turn to investors and to tell them not to invest in this potential future technology? Clearly, every individual investor saw a value opportunity, and invested an amount that they could afford into that dream. This is exactly how crowds latch on to good ideas, propel them forward with capital, and how we make technological progress. Trying to stop this is like trying to push back on the Apple II because it's not a 64-bit modern PC."

Despite the bailout of the DAO token holders, Sirer pointed out that the large amount of money put into the smart contract in aggregate poses a PR risk to Ethereum.

Kyle Torpey, a freelance writer and researcher, has followed bitcoin since 2011. His work has been featured on VICE Motherboard, Business Insider, Nasdaq, RT's Keiser Report and other media outlets. Follow him on Twitter: @kyletorpey.